def do_login(self):
print(self.mds, end=self.term)
print(self.policy2cma[self.policy], end=self.term)
self.sid = apifunctions.login("roapi", "1qazxsw2", self.mds,
self.policy2cma[self.policy])
print("session id : " + self.sid, end=self.term)
def main():
debug = 0
inputfile = sys.argv[1]
ip_addr = input("enter IP of MDS : ")
ip_cma = input("enter IP of CMA : ")
user = input("enter P1 user id : ")
password = getpass.getpass('Enter P1 Password : '******',', quotechar='|')
for row in reader:
grp = row[0]
try:
meta = row[1]
except:
#no one put meta data in ... need this to avoid error condition
meta = "n/a"
try:
policy = row[2]
except:
#no data to pull
policy = "n/a"
try:
search_str = row[3]
except:
search_str = "0.0.0.0"
#print("*********")
with open('routezone.csv', 'a') as writer:
writer.write(grp + "\n")
writer.write("Meta:" + meta + "\n")
writer.write("Policy:" + policy + "\n")
print(grp)
print("Meta:" + meta)
print("Policy:" + policy)
a_base64_message = get_routes(grp, ip_addr, sid)
networks = convert64(a_base64_message, search_str)
for i in range(len(networks)):
print(networks[i])
writer.write(networks[i] + "\n")
print("****")
writer.write("****" + "\n")
# don't need to publish
time.sleep(20)
### logout
logout_result = apifunctions.api_call(ip_addr, "logout", {}, sid)
if (debug == 1):
print(logout_result)
def main():
debug = 0
if(debug == 1):
print("extract zones : version 0.1")
parser = argparse.ArgumentParser(description='Zone Extractor')
parser.add_argument("-m", required=True, help="MDS IP")
parser.add_argument("-c", required=True, help="CMA IP")
parser.add_argument("-f", required=True, help="input csv")
args=parser.parse_args()
ip_addr = args.m
ip_cma = args.c
user = "******"
password = "******"
sid = apifunctions.login(user,password, ip_addr, ip_cma)
if(debug == 1):
print("session id : " + sid)
with open(args.f) as csvfile:
reader = csv.reader(csvfile, delimiter=',', quotechar='|')
for row in reader:
grp = row[0]
try:
meta = row[1]
except:
#no one put meta data in ... need this to avoid error condition
meta = "n/a"
try:
policy = row[2]
except:
#no data to pull
policy = "n/a"
#print("*********")
print(grp)
print("Meta:" + meta)
print("Policy:" + policy)
get_group_contents(grp,ip_addr,sid)
print("****")
# don't need to publish
time.sleep(20)
### logout
logout_result = apifunctions.api_call(ip_addr, "logout", {}, sid)
if(debug == 1):
print(logout_result)
def main():
debug = 1
grpdate = set()
grpdata = importdata('EAI_PGH2LAS.csv') #EAI_PGH2LAS.csv
ip_addr = input("enter IP of MDS : ")
ip_cma = input("enter IP of CMA : ")
user = input("enter P1 user id : ")
password = getpass.getpass('Enter P1 Password : '******'')
grp.print_appgroup()
create_group(grp, ip_addr, sid)
publish_counter += 1
if(publish_counter == 50):
##call publish
print("incremental publish")
time.sleep(10)
publish_result = apifunctions.api_call(ip_cma, "publish", {}, sid)
print("publish results : " + json.dumps(publish_result))
time.sleep(20)
publish_counter = 0
## Publish pending changes
print("Start of Publish ... zzzzz")
time.sleep(10)
publish_result = apifunctions.api_call(ip_cma, "publish", {}, sid)
print("publish results : " + json.dumps(publish_result))
time.sleep(10)
## Logout
logout_result = apifunctions.api_call(ip_addr, "logout", {}, sid)
if(debug == 1):
print(logout_result)
if (debug == 1):
print("policy get : version 0.1")
parser = argparse.ArgumentParser(description='Policy Extractor')
parser.add_argument("-m", required=True, help="MDS IP")
parser.add_argument("-c", required=True, help="CMA IP")
args = parser.parse_args()
ip_addr = args.m
ip_cma = args.c
user = "******"
password = "******"
sid = apifunctions.login(user, password, ip_addr, ip_cma)
if (debug == 1):
print("session id : " + sid)
get_package_result = apifunctions.api_call(ip_addr, "show-packages",
{"details-level": "full"}, sid)
policy_select = {}
policy_index = 0 # things should start 0
for i in range(get_package_result['total']):
size_of_package = len(
get_package_result['packages'][i]['access-layers'])
for j in range(size_of_package):
current_name = get_package_result['packages'][i]['access-layers'][
def main():
debug = 1
#inputfile = sys.argv[1]
print("CheckPoint BulkAdd3 version 0.85")
parser = argparse.ArgumentParser(description='Bulk Add Script')
parser.add_argument("-f", required=True, help="name of csv file")
parser.add_argument("-y", required=False, help="yes to auto create groups")
args = parser.parse_args()
inputfile = args.f
if (debug == 1):
print(args.y)
#before we login to the mds ... make sure input file is good
if (csvisgood(inputfile) == False):
print("input CSV is malformed.")
exit(1)
ip_addr = input("enter IP of MDS : ")
ip_cma = input("enter IP of CMA : ")
user = input("enter P1 user id : ")
password = getpass.getpass('Enter P1 Password : '******'') as csvfile:
csvreader = csv.reader(csvfile, delimiter=',', quotechar='|')
for row in csvreader:
row_type = row[0]
row_data = row[1]
row_grp = row[2]
if (row_type == "hostname"):
row_name = row[3]
else:
row_name = ""
addobj = 1
if (debug == 1):
print(row_type, row_data, row_grp)
if (row_type == "service"):
#data should be in format of (service,<tcp/udp>,<number>)
if (row_data == "tcp"):
apifunctions.add_a_tcp_port(ip_addr, row_grp, sid)
if (row_data == "udp"):
apifunctions.add_a_udp_port(ip_addr, row_grp, sid)
elif (row_type == "group"):
# row_data will have group, row_grp will have group we want to add into
# add row_data group as a member to row_grp
movefwd = 1
if (apifunctions.group_exist(ip_addr, row_data, sid) == False):
if (args.y == 'y' or args.y == 'Y'):
toadd = "yes"
else:
print(
"Source Group does not exist. Do you want to create (yes/no). If you say No this line will be slipped ",
row_data)
toadd = input("(yes/no) : ")
if (toadd == "yes"):
apifunctions.add_a_group(ip_addr, row_data, sid)
else:
movefwd = 0
if (apifunctions.group_exist(ip_addr, row_grp, sid) == False):
if (args.y == 'y' or args.y == 'Y'):
toadd = "yes"
else:
print(
"Source Group does not exist. Do you want to create (yes/no). If you say No this line will be slipped ",
row_grp)
toadd = input("(yes/no) : ")
if (toadd == "yes"):
apifunctions.add_a_group(ip_addr, row_grp, sid)
else:
movefwd = 0
if (movefwd == 1):
#either both groups existed or we created both ... either way lets do this
apifunctions.add_group_to_group(ip_addr, row_data, row_grp,
sid)
# end elif group
else:
if (row_grp == "nogroup"):
## we're not going to place this in a group
if (row_type == "network"):
tmp = row_data.split('/')
apifunctions.add_a_network(
ip_addr, prefix + tmp[0], tmp[0],
apifunctions.calcDottedNetmask(int(tmp[1])), sid)
if (row_type == "host"):
apifunctions.add_a_host(ip_addr, prefix + row_data,
row_data, sid)
if (row_type == "hostname"):
apifunctions.add_a_host(ip_addr, row_name, row_data,
sid)
else:
## we doing some group stuff
if (apifunctions.group_exist(ip_addr, row_grp,
sid) == False):
if (args.y == 'y' or args.y == 'Y'):
toadd = "yes"
else:
print(
"Group in row does not exist do you want to create (yes/no) if you say no this line will be skipped ",
row_grp)
toadd = input("(yes / no) : ")
if (toadd == "yes"):
apifunctions.add_a_group(ip_addr, row_grp, sid)
else:
addobj = 0
if (addobj == 1):
#this is a valid group
if (row_type == "network"):
tmp = row_data.split('/')
apifunctions.add_a_network_with_group(
ip_addr, prefix + tmp[0], tmp[0],
apifunctions.calcDottedNetmask(int(tmp[1])),
row_grp, sid)
if (row_type == "host"):
apifunctions.add_a_host_with_group(
ip_addr, prefix + row_data, row_data, row_grp,
sid)
if (row_type == "hostname"):
apifunctions.add_a_host_with_group(
ip_addr, row_name, row_data, row_grp, sid)
#end if(grp = nogroup)
#end else --- network object
#end for row in csvreader
#end with open
### some times publish doesn't work and sits in dashboard
### publish
print("Start of Publish ... zzzzzz")
time.sleep(20)
publish_result = apifunctions.api_call(ip_addr, "publish", {}, sid)
print("publish results : " + json.dumps(publish_result))
time.sleep(20)
### logout
logout_result = apifunctions.api_call(ip_addr, "logout", {}, sid)
if (debug == 1):
print(logout_result)
def main():
debug = 1
#create instance of Field Storage
form = cgi.FieldStorage()
cma = form.getvalue('cma')
if (cma == "192.168.159.155"):
policy = form.getvalue('adm5policy')
elif (cma == "192.168.159.151"):
policy = form.getvalue('adm1policy')
elif (cma == "192.168.159.156"):
policy = form.getvalue('adm6policy')
elif (cma == "192.168.159.161"):
policy = form.getvalue('adm11policy')
elif (cma == "192.168.159.167"):
policy = form.getvalue('adm17policy')
elif (cma == "192.168.159.158"):
policy = form.getvalue('adm8policy')
elif (cma == "192.168.159.160"):
policy = form.getvalue('adm10policy')
elif (cma == "192.168.159.162"):
policy = form.getvalue('adm12policy')
elif (cma == "192.168.159.163"):
policy = form.getvalue('adm13policy')
elif (cma == "192.168.159.164"):
policy = form.getvalue('adm14policy')
elif (cma == "192.168.159.169"):
policy = form.getvalue('adm19policy')
else:
policy = "none"
#policy5 = form.getvalue('adm5policy')
source = form.getvalue('sourceip')
dest = form.getvalue('destip')
port = form.getvalue('service')
## html header and config data dump
print("Content-type:text/html\r\n\r\n")
print("<html>")
print("<head>")
print("<title>Packet Mode</title>")
print("</head>")
print("<body>")
print("<br><br>")
print("Packet Mode 0.1<br><br>")
print("Values :")
print(cma)
print("<br>")
print(policy)
print("<br>")
print(source)
print("<br>")
print(dest)
print("<br>")
print(port)
print("<br>")
packet_mode_json = {
"name": policy,
"filter": "src:" + source + " AND dst:" + dest + " AND svc:" + port,
"filter-settings": {
"search-mode": "packet"
}
}
print(packet_mode_json)
print("<br>")
ip_addr = "192.168.159.150"
ip_cma = cma
user = "******"
password = "******"
if (cma == "--All--" or policy == "none" or policy == "0"):
print("you didn't select a cma or a policy")
print("------- end of program -------")
print("<br><br>")
print("</body>")
print("</html>")
exit(1)
sid = apifunctions.login(user, password, ip_addr, ip_cma)
if (debug == 1):
print("session id : " + sid)
print("<br>")
get_rulebase(ip_addr, packet_mode_json, sid)
# don't need to publish
time.sleep(20)
### logout
logout_result = apifunctions.api_call(ip_addr, "logout", {}, sid)
if (debug == 1):
print(logout_result)
print("<br>")
print("------- end of program -------")
print("<br><br>")
print("</body>")
print("</html>")
def main():
debug = 1
#create instance of field storage
form = cgi.FieldStorage()
cma_base = form.getvalue('cma') #modified for test
userid = form.getvalue('user')
passwd = form.getvalue('password')
cma_map = {
'adm1': {
'cma': '192.168.159.151',
'mds': '192.168.159.150'
},
'adm2': {
'cma': '204.135.121.152',
'mds': '204.135.121.150'
},
'adm3': {
'cma': '204.135.121.153',
'mds': '204.135.121.150'
},
'adm5': {
'cma': '192.168.159.155',
'mds': '192.168.159.150'
},
'adm6': {
'cma': '204.135.121.156',
'mds': '204.135.121.150'
},
'adm7': {
'cma': '204.135.121.157',
'mds': '204.135.121.150'
},
'adm8': {
'cma': '204.135.121.158',
'mds': '204.135.121.150'
},
'adm10': {
'cma': '192.168.159.160',
'mds': '192.168.159.150'
},
'adm11': {
'cma': '192.168.159.161',
'mds': '192.168.159.150'
},
'adm12': {
'cma': '192.168.159.162',
'mds': '192.168.159.150'
},
'adm13': {
'cma': '192.168.159.163',
'mds': '192.168.159.150'
},
'adm14': {
'cma': '204.135.121.164',
'mds': '204.135.121.150'
},
'adm17': {
'cma': '192.168.159.167',
'mds': '192.168.159.150'
},
'adm19': {
'cma': '192.168.159.169',
'mds': '192.168.159.150'
},
'adm24': {
'cma': '204.135.121.174',
'mds': '204.135.121.150'
},
}
dcma_map = {
'adm25': {
'cma': '146.18.96.25',
'mds': '146.18.96.16'
},
'adm26': {
'cma': '146.18.96.26',
'mds': '146.18.96.16'
},
'adm27': {
'cma': '146.18.96.27',
'mds': '146.18.96.16'
},
}
mds_ip = cma_map[cma_base]['mds'] # mod to d
cma_ip = cma_map[cma_base]['cma'] # mod to d
## html header and config data dump
print("Content-type:text/html\r\n\r\n")
print("<html>")
print("<head>")
print("<title>Bulk Add Results</title>")
print("</head>")
print("<body>")
print("Bulk Add<br><br>")
print(cma_ip + "<br>")
print(cma_map[cma_base]) # mod to d
print("<br>")
sid = apifunctions.login(userid, passwd, mds_ip, cma_ip)
if (debug == 1):
print("session id : " + sid + "<br>")
group_to_use = form.getvalue('group')
objects_raw = form.getvalue('objects')
prefix = form.getvalue('prefix')
objects_s1 = str(objects_raw) # odd i know but ya got to
objects_s2 = objects_s1.split(' ')
objects_s3 = objects_s2[0].split()
objects_s4 = list() #used to get rid of white spaces
if (debug == 1):
#tmp
print("raw<br>")
print(objects_raw)
print("<br>")
print("s1<br>")
print(objects_s1)
print("<br>")
print("s2<br>")
print(objects_s2)
print("<br>")
print("s3<br>")
print(objects_s3)
print("<br><br>")
### 06.02.2020 s4 does not work
"""
print("-----------------------------------------------------<br>")
for ob in objects_s2:
print(ob)
print("---<br>")
ob = ob.strip()
print(ob)
if(ob == '\n' or ob == '\r' or ob == '\r\n'):
print("dropping char returns<br>")
elif(ob == ''):
print("removing spaces<br>")
else:
objects_s4.append(ob)
print("+++<br>")
print("-----------------------------------------------------<br>")
"""
#if(debug == 1):
# print("Group to add to<br>")
# print("-" + group_to_use + "-")
# print("<br>")
if (group_to_use == None):
print("no group to add<br>")
else:
#if something with the proposed group name exist. tell user (IN CAPS) and still create objects
group_to_use = group_to_use.strip()
if (apifunctions.name_exist(mds_ip, group_to_use, sid) == True):
#
# issue here .. if it exist but is a group ?
#
if (get_obj_type(mds_ip, group_to_use, sid) != "group"):
print(
"CAN'T ADD GROUP <br>OBJECT WITH THIS NAME ALREADY EXIST<br>MOVING FORWARD WITHOUT GROUP<br>"
)
group_to_use = None
else:
apifunctions.add_a_group(mds_ip, group_to_use, sid)
#if(group_to_use == "None"):
# print("no group to add <br>")
#else:
# apifunctions.add_a_group(mds_ip, group_to_use, sid)
## iterator for doing changes every 20 objects
iterator = 0
print("<br>")
print("Object Listing<br>")
for obj in objects_s3:
print(obj)
print("<br>")
obj_type = what_am_i(obj)
print("*****<br>")
print(obj_type)
print("<br>")
print("-----<br>")
if (obj_type == "host"):
add_host(obj, group_to_use, mds_ip, prefix, sid)
if (obj_type == "network"):
parts = obj.split('/')
add_network(parts[0], parts[1], group_to_use, mds_ip, prefix, sid)
iterator = iterator + 1
if (iterator == 20):
time.sleep(5)
tmp_publish_result = apifunctions.api_call(mds_ip, "publish", {},
sid)
print("peridoic publish result : " +
json.dumps(tmp_publish_result))
time.sleep(5)
iterator = 0
#print(objects_raw)
print("<br>Start of Publish ... zzzzzz")
time.sleep(5)
publish_result = apifunctions.api_call(mds_ip, "publish", {}, sid)
print("publish results : " + json.dumps(publish_result))
time.sleep(20)
### logout
logout_result = apifunctions.api_call(mds_ip, "logout", {}, sid)
if (debug == 1):
print(logout_result)
print("------- end of program -------")
print("<br><br>")
print("</body>")
print("</html>")
def main():
debug = 1
if (debug == 1):
print("packet mode search : version 0.3")
#parser = argparse.ArgumentParser(description='Policy Extractor')
#parser.add_argument("-m", required=True, help="MDS IP")
#parser.add_argument("-c", required=True, help="CMA IP")
#args = parser.parse_args()
ip_addr = "146.18.96.16" #args.m
ip_cma = "146.18.96.25" #args.c
user = "******"
password = "******"
sid = apifunctions.login(user, password, ip_addr, ip_cma)
if (debug == 1):
print("session id : " + sid)
"""
mgmt_cli -r true -d 146.18.96.25 show access-rulebase name "HubLab Network" filter
"src:146.18.2.137 AND dst:204.135.16.50 AND svc:443" filter-settings.search-mode packet
and does not equil AND the all cap's matter a LOT
"""
#packet_mode_json = {
# "name" : "SearchTest Network",
# "filter" : "src:146.18.2.137 AND dst:10.250.1.1 AND svc:443",
# "filter-settings" : {
# "search-mode" : "packet"
# }
#}
#object_dic = {}
policies_dic = {}
policies_dic = get_policies(ip_addr, sid)
if (debug == 1):
print("*****")
print(policies_dic)
print("*****")
for x in policies_dic:
print(str(x) + " : " + policies_dic[x])
policy = input("Select a number above : ")
source_ip = input("Enter Source IP : ")
dest_ip = input("Enter Dest IP : ")
dport = input("Enter Dest Port : ")
packet_mode_json = {
"name": policies_dic[int(policy)],
"filter":
"src:" + source_ip + " AND dst:" + dest_ip + " AND svc:" + dport,
"filter-settings": {
"search-mode": "packet"
}
}
if (debug == 1):
print(packet_mode_json)
get_rulebase(ip_addr, packet_mode_json, sid)
#get_rules(ip_addr, packet_mode_json, sid)
# don't need to publish
time.sleep(20)
### logout
logout_result = apifunctions.api_call(ip_addr, "logout", {}, sid)
if (debug == 1):
print(logout_result)